368

"Boobs check" verify if sites behind CDN are hosted in Inside Iran or not (lemmus.org)

submitted 5 days ago* (last edited 5 days ago) by sundray@lemmus.org to c/mildlyinteresting@lemmy.world

32 comments fedilink hide all child comments

cross-posted from: https://lemmy.bestiver.se/post/770637

Comments

Nitter link: https://xcancel.com/hkashfi/status/1995109785679573167

top 32 comments

sorted by: hot top controversial new old

[-] MantisToboggon@lemmy.world 106 points 5 days ago

So how do I see the boobs

[-] gravitas_deficiency@sh.itjust.works 68 points 5 days ago

You put on your robe and wizard hat

[-] toynbee@lemmy.world 47 points 5 days ago

Goddamn old people.

Wait. I get that reference. Does that mean I'm an old people?

[-] Jesus_666@lemmy.world 15 points 4 days ago

Old men are the future!

[-] toynbee@lemmy.world 9 points 4 days ago

I don't think that's accurate.

[-] scutiger@lemmy.world 9 points 4 days ago

The future is now old men!

[-] popekingjoe@lemmy.world 18 points 5 days ago

Unfortunately. You'll be in the retirement home before you know it with the rest of us.

[-] toynbee@lemmy.world 2 points 2 days ago

I'm looking forward to being in a retirement home. Imagine the LAN parties.

[-] NOT_RICK@lemmy.world 56 points 5 days ago

Send bob and vagene

[-] sundray@lemmus.org 2 points 4 days ago

Sorry, they're in Scunthorpe right now.

[-] TheFogan@programming.dev 8 points 4 days ago

You'll find them here https://president.ir/en/president/cabinet

[-] Quadhammer@lemmy.world 14 points 5 days ago

I'm lookin at one right now

[-] Quadhammer@lemmy.world 16 points 5 days ago

Also don't be in Iran

[-] Imgonnatrythis@sh.itjust.works 4 points 5 days ago

You really need to get out of Iran.

[-] dumbass@piefed.social 1 points 5 days ago

I dunno, but if you find out, let me know.

[-] SchwertImStein@lemmy.dbzer0.com 37 points 5 days ago

[-] Object@sh.itjust.works 37 points 5 days ago

My original guess was that they're intercepting DNS, but since boobs is in the path, it wouldn't be sent. How does this work?

[-] sundray@lemmus.org 40 points 5 days ago

Don't know if this is entirely accurate, but Wikipedia has article about it.

[-] BCOVertigo@lemmy.world 20 points 5 days ago

They are giving response codes like 403 so it's not a failure to resolve and I agree it's not DNS... It's behaving differently based on different sub pages so it's something underneath the https encryption. Maybe an intermediary WAF that decrypts? Maybe some weird server side tooling that has govt provided?

I would guess WAF but I'd love to hear from someone who actually knows.

[-] Brkdncr@lemmy.world 14 points 5 days ago

It’s either

Client side ssl forward proxy (MitM cert installed on client)
in-line decryption in the server
client side software
tls downgrade
cert authority compromise

[-] baltakatei@sopuli.xyz 12 points 5 days ago

Right? If it were an unencrypted HTTP GET request, then every router on the way would see the plaintext string boobs in the URL and therefore intercept it.

If I had to guess, Iran has so few landline connections that they man-in-the-middle every TLS connection they can by either forcing every server to hand over their private key files (difficult) or by forcing a certificate authority trusted by default Web browsers (there's a lot of them) to issue certificates for every top level domain they see in SNI data attached to encrypted packet headers; the latter method need not even require participation by Iranian servers, so long as the traffic is bottlenecked for man-in-the-middle attacks and outsiders don't question unusual certificate authorities being used.

[-] mirshafie@europe.pub 11 points 4 days ago

It was annoying as hell trying to download a LaTeX compiler and having the entire word be blocked, presumably because certain degenerates use latex - the material - for immoral acts.

[-] MissingInteger@lemmy.zip 7 points 4 days ago

curl -i https://irangov.ir/boobs.jpg # HTTP 200
curl -i https://president.ir/boobs.jpg # HTTP 200
curl -i https://divar.ir/boobs.jpg # HTTP 404

Can't reproduce. The goverment websites don't even handle the error correctly: they give a HTTP 200 and an error page.

Does anyone have an actual working example?

[-] Buddahriffic@lemmy.world 1 points 2 days ago

Lol when I first read your screenshot, I thought for a moment they actually served you boobs.jpg from the government and president sites.

But maybe this is disinformation to make people think servers in Iran aren't?

"Oh boobs.jpg just gives a 404, can't be in Iran!" (When the server is in Iran)

Buddy doesn't even say what domain they figured out was in Iran with this "trick".

[-] technocrit@lemmy.dbzer0.com 7 points 4 days ago

First they came for the boobs...

[-] MadnessForTsar@lemmy.world 10 points 5 days ago

Why with Iran?

[-] sundray@lemmus.org 42 points 5 days ago* (last edited 5 days ago)

Presumably because instead of responding to the request for boobs.jpg with with an HTTP 404 error (meaning, "not found"), Iran's censorship tech returns a 403 error (meaning basically "you are forbidden from accessing this resource).

The "boobs" are "forbidden" you see; the tech mirrors the ruling party's moral stance, probably coincidentally. Trying the same curl command in Russia and China will likely just get you a 404 error, so the joke really only works with Iranian servers. The 404 version is slightly less funny: "We couldn't find the boobs!"

[-] fahfahfahfah@lemmy.billiam.net 15 points 4 days ago

Hey, at least they’re using HTTP codes correctly.

[-] mirshafie@europe.pub 7 points 4 days ago

It's 403 because they are upfront about the resource being censored as opposed to unavailable, and they tell you who to contact if you have legigimate reasons to access it.